nixos/tests/miniflux.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / miniflux.nix
at 23.11-beta 2.9 kB view raw
 1import ./make-test-python.nix ({ pkgs, lib, ... }:
 2
 3let
 4  port = 3142;
 5  username = "alice";
 6  password = "correcthorsebatterystaple";
 7  defaultPort = 8080;
 8  defaultUsername = "admin";
 9  defaultPassword = "password";
10  adminCredentialsFile = pkgs.writeText "admin-credentials" ''
11            ADMIN_USERNAME=${defaultUsername}
12            ADMIN_PASSWORD=${defaultPassword}
13          '';
14  customAdminCredentialsFile = pkgs.writeText "admin-credentials" ''
15            ADMIN_USERNAME=${username}
16            ADMIN_PASSWORD=${password}
17          '';
18
19in
20{
21  name = "miniflux";
22  meta.maintainers = [ ];
23
24  nodes = {
25    default =
26      { ... }:
27      {
28        security.apparmor.enable = true;
29        services.miniflux = {
30          enable = true;
31          inherit adminCredentialsFile;
32        };
33      };
34
35    withoutSudo =
36      { ... }:
37      {
38        security.apparmor.enable = true;
39        services.miniflux = {
40          enable = true;
41          inherit adminCredentialsFile;
42        };
43        security.sudo.enable = false;
44      };
45
46    customized =
47      { ... }:
48      {
49        security.apparmor.enable = true;
50        services.miniflux = {
51          enable = true;
52          config = {
53            CLEANUP_FREQUENCY = "48";
54            LISTEN_ADDR = "localhost:${toString port}";
55          };
56          adminCredentialsFile = customAdminCredentialsFile;
57        };
58      };
59  };
60  testScript = ''
61    start_all()
62
63    default.wait_for_unit("miniflux.service")
64    default.wait_for_open_port(${toString defaultPort})
65    default.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep OK")
66    default.succeed(
67        "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'"
68    )
69    default.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
70
71    withoutSudo.wait_for_unit("miniflux.service")
72    withoutSudo.wait_for_open_port(${toString defaultPort})
73    withoutSudo.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep OK")
74    withoutSudo.succeed(
75        "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'"
76    )
77    withoutSudo.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
78
79    customized.wait_for_unit("miniflux.service")
80    customized.wait_for_open_port(${toString port})
81    customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep OK")
82    customized.succeed(
83        "curl 'http://localhost:${toString port}/v1/me' -u '${username}:${password}' -H Content-Type:application/json | grep '\"is_admin\":true'"
84    )
85    customized.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
86  '';
87})